May - October 2018 Cumulative Updates: SFC Integrity violation: NlsData0000.dll RRS feed

  • Question

  • Installing the May 17 Cumulative Update for Server 2016  (OS Build 2273)
    leads to the "SFC /scannow" command attempting to repair the file "NlsData0000.dll"
    in the Windows - SysWOW64 directory. The repair is reported as "successful",
    but when running the command again, another repair is attemped.
    In other words: SFC /scannow never succeeds without integrity violations.

    Uninstalling the May 17 CU helps (reverting to April 10, 2018 Build 2189).
    No more integrity violations are shown after that.

    Reinstall the May 17 CU and voila, the error returns.

    Should be straightforward to reproduce (did so with two servers and a VM).

    Maybe the MS guys should have bothered running the SFC command before
    publishing the update, but I guess that would count as "testing" ;)

    Please fix this issue with the next update and make SFC work without errors again!

    Thanks and best regards
    Klaas Klever

    EDIT: Seems to have been finally fixed with KB4471321 (December 2018 Cumulative update)
    (with a small "hiccup", see below)

    • Edited by Klaasklever Wednesday, December 12, 2018 11:09 PM
    Monday, June 4, 2018 5:19 PM

All replies

  • Same result over here. Dism cleanup doesn't help resolve it either (Dism /Online /Cleanup-Image /RestoreHealth)

    Any other solution other than uninstalling?

    Monday, June 11, 2018 2:34 PM
  • Update: This issue still happens with the June 2018 Cumulative Update
    (KB4284880, OS Build 2312)!

    This is ridiculous: an issue that happens 100% of the time,
    essentially breaks an essential command (SFC) by creating false alarms,
    and can be reproduced 100% by simply running SFC /scannow...
    ready for installation on thousands of servers around the world ;)

    • Edited by Klaasklever Saturday, June 16, 2018 8:35 PM
    Saturday, June 16, 2018 2:40 PM
  • Just built new Windows 2016 Server - Standard edition

    Applied all windows updates.  Part of our build procedure requires successful run of sfc /scannow without errors.  am having same issues reported in this post with the NlsData0000.dll file.  

    Sunday, June 17, 2018 4:26 AM
  • Me too. 
    Thursday, June 28, 2018 1:02 AM
  • Me too.

    It's a shame to release such updates. I wasted a lot of time trying and tring again.

    Friday, June 29, 2018 7:00 PM
  • has anyone found a fix for this
    Friday, July 13, 2018 4:39 PM
  • has anyone found a fix for this

    Maybe, the cumulative update for 2016 of the last patch day.

    I installed the patch, but I didn't have time to test it yet.

    Friday, July 13, 2018 5:20 PM
  • I just installed a fresh windows server 2016 with latest updates, ran the sfc /scannow and got error with the NlsData0000.dll

    Is there any harm from this error or just false alaram? 

    • Edited by Kbsc Thursday, July 19, 2018 8:00 AM
    Thursday, July 19, 2018 6:55 AM
  • Is there any harm from this error or just false alaram? 

    Nobody knows for sure, I guess it's just a false alarm.
    In any case, it's annoying, because it breaks a basic command (SFC)
    by creating flase alarms and unnecessary panic ...

    I can confirm it still happens with the July 2018 update. I just checked.

    leaving this unfixed for three months now is a poor performance by Microsoft...

    Sunday, July 22, 2018 10:20 PM
  • Do all of you have the same file indicated (NlsData0000.dll)? Some of my installations report other files (like wuuhext.dll)

    All of the installations of Windows Server 2016 and Windows Server, version 1803 are affected.

    Friday, August 3, 2018 6:06 PM
  • Yes, it is only NlsData0000.dll for me.
    Friday, August 3, 2018 6:37 PM
  • Hi,

    Thanks for this useful post, I tought I had one more problem.

    I have a big problem with Kerberos on a PDC (not able to join new DC into the forest : RPC error issue...). I Don't know if the cause could be a hack (highly probable) and I was wondering why SFC still reports me an issue with NlsData0000.dll …

    At least, false positive problem with NlsData0000.dll can be dropped !

    the hash problem reported is :

    Hashes for file member \??\C:\Windows\SysWOW64\NlsData0000.dll do not match actual file [l:15]'NlsData0000.dll' :
      Found: {l:32 zswq09s5+Zb0OfXSW1ikcF7tHaaSH36DU+P1teqdh3g=} Expected: {l:32 VqGFDDtNkUJL2y72172gbrdibqg7T6Y8qeCjl1AgmkA=}


    Friday, August 3, 2018 10:53 PM
  • Same here. On multiple server 2016s
    Sunday, August 12, 2018 12:16 AM
  • The the August 2018 Cumulative Update (KB4343887) brought no changes.
    The issue still persists ...

    I'm wondering if MS is aware at all.
    Maybe someone should report this through the official channels...

    • Edited by Klaasklever Tuesday, August 14, 2018 9:53 PM
    Tuesday, August 14, 2018 9:51 PM
  • Still there with the september 2018 Cumulative update! 

    Kenneth Larsen

    • Edited by nandfred Thursday, September 20, 2018 11:11 AM
    Thursday, September 20, 2018 11:11 AM
  • How do we know that this is on Microsoft's radar?
    Thursday, September 20, 2018 3:23 PM
  • How do we know that this is on Microsoft's radar?

    We don't. Someone has to report it :D

    PS: Still the exact same issue with the October 2018 update,
    no changes ...

    Apparently running SFC is not part of the MS testing cycle (d'oh!)

    Thursday, October 11, 2018 6:34 PM
  • It's about time I made a contribution to the community.

    I've raised it with MS and have it in for fixing with their development team.

    Current ETA is end of November.

    I gave them a lot of grief over this issue via phone and email. I've even hammered home like many of you that this should be the final check before releasing to the public.

    EDIT: My advice would be to stick to 7th August 2017 CU so you reduce any risk or impact to your environment.

    • Edited by Will Manley Wednesday, October 24, 2018 12:53 AM
    Tuesday, October 16, 2018 12:39 AM
  • I have the same issue here. Just came across this thread and have logged to MS premier support. Let's see what them come back with. 
    Monday, November 26, 2018 1:57 PM
  • I've had an email in the past 24 hours indicating the KB will be published as 4467684.

    However it still needs to be qualified that this will resolve the issue.

    Monday, November 26, 2018 8:51 PM
  • Is there a functional issue here or is it cosmetic? 
    Wednesday, November 28, 2018 4:58 PM
  • Seems to be fixed with the recent update.
    Thursday, November 29, 2018 2:22 PM
  • Not for me. Applied KB4467681 but still there.
    Thursday, November 29, 2018 3:15 PM
  • YES, I can confirm this.

    It's FIXED now :-) !

    Thursday, November 29, 2018 3:39 PM
  • Not for me. Applied KB4467681 but still there.

    Use "sfc /scannow" to repair first, then reboot.

    After reboot, use "sfc /verifyonly" to check.

    Tested on 4 Windows Server 2016 Standard, 3 are on real hardware, 1 on Hyper-V.

    All systems are repaired now.

    Thursday, November 29, 2018 10:15 PM
  • I'm glad it is working for others. However I cannot get it installed on 14393.2515 for love or money :-(

    This was the last version I had tested to see if it had fixed it but now I can't get this latest release on the machine.

    I've reported this back to engineering.

    • Edited by Will Manley Friday, November 30, 2018 3:41 AM
    Friday, November 30, 2018 3:40 AM
  • Guys, this was laziness on my part and I was mistaken. I applied KB4467684 The specific message around the integrity of NlsData0000.dll is gone however I do have the same issues now with the file 


    SFC raising the message that it cant repair: 

    "Windows Resource Protection found corrupt files but was unable to fix some

    of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
    example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
    supported in offline servicing scenarios."

    Friday, November 30, 2018 8:47 AM
  • Seems fixed for me with KB4471321, the December 2018 Cumulative Update
    (I did not try the November KB4467684 update).

    The NlsData000.dll is now dated November-01-2018, so it seems that MS has included
    a new version of this file which fixes the persistent SFC errors.

    However, there was a small "hiccup":

    After installing KB4471321, running SFC /scannow now reported
    the file MSWB7.dll in the SysWOW64 folder as corrupted.
    And indeed, this file was entirely missing from the SysWOW64 folder.
    It was there before with the October Cumulative Update (checked that with a VM).
    The repair seems to have succeded,
    as the file was present again in SysWOW64
    after running SFC /scannow once.

    Subsequent runs of SFC /scannow do not report any more integrity violations,
    all seems to be fine now.

    Funny though that they had to temporarily kill another file (MSWB7.dll) in the process.
    Be that as it may, at least the SFC repair for MSWB7.dll seems to work as intended ;)

    Can anyone confirm these findings (--> MSWB7.dll) with the December Cumulative Update ?

    • Edited by Klaasklever Wednesday, December 12, 2018 11:11 PM
    Wednesday, December 12, 2018 10:43 PM
  • So solution for me was to apply:

    • KB4467684 
    • Reboot
    • Run DISM /Online /cleanup-image /restorehealth /limitaccess /source:\\myserver\admin$\winsxs
    • sfc /scannow

    With myserver being a clean build system patched to KB4467684 

    Thursday, December 13, 2018 9:24 AM